In October 2017, Mrs. Underwood (the “Claimant”) was approached by a representative of Bounty UK Ltd (“Bounty”), a pregnancy and parenting support company, after giving birth at a hospital within the Hampshire Hospitals NHS Foundation Trust (the “Trust”). The Claimant alleged that the Bounty representative was able to access and read the medical notes at the foot of Mrs. Underwood’s hospital bed in the NHS antenatal maternity ward, which contained personal data about both the Claimant and her newborn son.
As a result, the Claimant claimed that the Trust had failed to take appropriate technical and organisational measures to prevent Bounty from accessing the personal data. On 13 April 2022, UK High Court dismissed the compensation claim made by Mrs. Underwood against the Trust for the breach of the Data Protection Act 1998.
The Claimant alleged that the Trust had breached several of the data protection principles under the pre-GDPR UK data protection regime (through culpable omission) by granting Bounty access to the antenatal ward resulting in the Bounty staff obtaining private information about the claimant and her son.
The UK High Court judge ruled that the acts of the Trust, by making available to the Claimant and the Trust’s staff documents necessary for the care and treatment of both the Claimant and her son (i.e., hanging the patient medical chart at the foot of the bed), cannot be regarded as making those documents available to the Bounty representative. There was no evidence that the Trust directly disclosed information to the Bounty representative. Therefore, the Trust was found not liable for the unauthorised (and unlawful) acts of the Bounty representative. The judge further added that a hospital cannot fulfil its role without “making available at least some limited data about patients”.
Please contact Jose Saras if you have any questions regarding the above.
The material contained in this article is only for general review of the topics covered and does not constitute any legal advice. No legal or business decision should be based on its content.